44 matches found
WordPress ARForms plugin <= 6.4.1 - Subscriber+ Plugin Settings Change vulnerability
Subscriber+ Plugin Settings Change vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4.1...
WordPress ARForms plugin <= 6.4.1 - Subscriber+ Arbitrary File Read vulnerability
Subscriber+ Arbitrary File Read vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4.1...
WordPress HTML5 Video Player plugin <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by Lucio Sá in WordPress Plugin Flash & HTML5 Video versions = 2.5.34...
WordPress WP ULike plugin < 4.7.2.1 - Subscriber+ Stored-XSS vulnerability
Subscriber+ Stored-XSS vulnerability discovered by stealthcopter in WordPress Plugin WP ULike versions 4.7.2.1...
WordPress Leopard plugin <= 2.0.36 - Subscriber+ Plugin Settings Change vulnerability
Subscriber+ Plugin Settings Change vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Leopard - WordPress offload media versions = 2.0.36...
CVE-2024-6703
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...
WordPress Social Auto Poster plugin <= 5.3.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by István Márton in WordPress Plugin Social Auto Poster versions = 5.3.14...
WordPress ArtPlacer Widget plugin < 2.21.2 - Subscriber+ Arbitrary Widget Deletion vulnerability
Subscriber+ Arbitrary Widget Deletion vulnerability discovered by Bob Matyas in WordPress Plugin ArtPlacer Widget versions 2.21.2...
WordPress WordPress Plugin Tournamatch plugin < 4.6.1 - Subscriber+ Stored XSS vulnerability
Subscriber+ Stored XSS vulnerability discovered by Davide Balzano in WordPress Plugin Tournamatch versions 4.6.1...
WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability
Subscriber+ Multiple Broken Access Control vulnerability discovered by Dave Jong Patchstack in WordPress Plugin User Activity Log Pro versions = 2.3.4...
WordPress Easy Affiliate Links plugin <= 3.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Reset vulnerability discovered by Lucio Sá in WordPress Plugin Easy Affiliate Links versions = 3.7.3...
WordPress Widget Options Extended plugin <= 5.1.0 - Subscriber+ User Meta Data Exposure Vulnerability
Subscriber+ User Meta Data Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options - Extended versions = 5.1.0...
WordPress Widget Options plugin <= 4.0.1 - Subscriber+ Private/Draft Post Exposure Vulnerability
Subscriber+ Private/Draft Post Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions = 4.0.1...
WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability
Subscriber+ User Meta Data Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions = 4.0.1...
WordPress Visualizer plugin <= 3.10.15 - Subscriber+ Arbitrary SQL Execution vulnerability
Subscriber+ Arbitrary SQL Execution vulnerability discovered by Krzysztof Zając in WordPress Plugin Visualizer versions = 3.10.15...
WordPress SP Project & Document Manager plugin <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update vulnerability
Authenticated Subscriber+ Arbitrary Folder Name Update vulnerability discovered by fewwords huang in WordPress Plugin SP Project & Document Manager versions = 4.70...
WordPress ParcelPanel plugin <= 3.8.1 - Subscriber+ SQL Injection vulnerability
Subscriber+ SQL Injection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin ParcelPanel versions = 3.8.1...
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability
Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability
Subscriber+ Arbitrary WordPress Options Removal vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress WooCommerce Customers Manager plugin < 29.7 - Subscriber+ SQL Injection vulnerability
Subscriber+ SQL Injection vulnerability discovered by Ivan Spiridonov in WordPress Plugin WooCommerce Customers Manager versions 29.7...